Who is Richard Ewing?

Richard Ewing is a Product Economist and AI Capital Auditor. He is the Founder of Exogram, a verification infrastructure for AI. He audits R&D spend and surfaces hidden capital risks like technical debt, AI cost overruns, and zombie infrastructure. He has scaled B2B SaaS from $0 to $25M ARR. Published in CIO.com, Built In, Mind the Product, and HackerNoon.

What is a Product Economist?

A Product Economist treats product decisions as economic decisions. Instead of measuring velocity or story points, a Product Economist measures Return on Invested Capital (ROIC), Cost of Goods Sold efficiency, and technical debt in dollar terms. The methodology was coined by Richard Ewing.

What is the Technical Insolvency Date?

The Technical Insolvency Date (TID) is the specific quarter where maintenance costs consume 100% of available engineering capacity, reducing feature velocity to zero. Calculate yours free at richardewing.io/tools/pdi.

Exogram is verification infrastructure for AI, founded by Richard Ewing. It prevents hallucination propagation with admissibility control planes and state-hashing commit enforcement. LLMs generate language; Exogram maintains reality.

How do I calculate technical debt cost?

Use the free Product Debt Index (PDI) calculator at richardewing.io/tools/pdi to quantify hidden technical debt in dollar terms, calculate your Technical Insolvency Date, and benchmark against industry standards.

How much does AI cost per query?

AI costs range from $0.0001/query for small models to $0.10+/query for frontier models like GPT-4. Use the free AI Unit Economics Benchmark (AUEB) at richardewing.io/tools/aueb to calculate your specific AI cost structure.

Glossary/HIPAA

Compliance & Regulation

1 min read

What is HIPAA?

TL;DR

HIPAA (Health Insurance Portability and Accountability Act) is US legislation that protects the privacy and security of health information.

HIPAA (Health Insurance Portability and Accountability Act) is US legislation that protects the privacy and security of health information. Any organization that creates, receives, maintains, or transmits Protected Health Information (PHI) must comply.

Key rules: Privacy Rule (defines how PHI can be used and disclosed), Security Rule (requires administrative, physical, and technical safeguards for electronic PHI), Breach Notification Rule (requires notification within 60 days of discovering a breach), and Enforcement Rule (penalties for violations).

For technology companies: HIPAA requires encryption at rest and in transit, access controls and audit logging, Business Associate Agreements (BAAs) with all vendors handling PHI, incident response procedures, and regular risk assessments. Cloud providers (AWS, GCP, Azure) offer HIPAA-eligible services with BAAs.

Why It Matters

HIPAA violations carry penalties up to $1.9M per violation category per year. More importantly, health data breaches destroy patient trust and can end healthcare technology businesses.

Frequently Asked Questions

What is HIPAA?

US legislation protecting health information privacy and security. Applies to any organization handling Protected Health Information (PHI). Requires encryption, access controls, audit logging, and BAAs with vendors.

Does my SaaS need HIPAA compliance?

If you handle any Protected Health Information (PHI) — patient names, diagnoses, treatment info, insurance IDs — yes. If you serve healthcare customers, you need HIPAA compliance even if you only process PHI in transit.

Related Terms

SOC 2 GDPR Data Governance

Need Expert Help?

Richard Ewing is a Product Economist and AI Capital Auditor. He helps companies translate technical complexity into financial clarity.

Book Advisory Call →

Explore More

Why It Matters

Frequently Asked Questions

What is HIPAA?

Does my SaaS need HIPAA compliance?

Related Terms

Need Expert Help?

Explore More

Free Tools

Glossary

Frameworks